refactor: reorganize crypto module structure and enhance key operations

- Restructure crypto module: remove algorithm.rs and p256.rs, add AES and ChaCha20 support
- Enhance X25519 implementation with improved error handling and operations
- Refactor ED25519 module with better key generation and signing capabilities
- Add dedicated error module for better error management
- Create new key module in capsula-key for centralized key operations
- Update dependencies in Cargo.toml files for both crates
- Add multiple example files demonstrating key operations (key_demo, key_file_demo, key_pem_demo, x25519_demo)
- Include test utilities (test_loaded_keys.rs, analyze_encrypted_key.sh)
- Update storage_demo example to reflect new API changes

BREAKING CHANGE: Algorithm and P256 modules removed, API restructured

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

Author: atlas-form

.gitignore

@@ -2,6 +2,9 @@
 # will have compiled files and executables
 debug/
 target/
+keys/
+demo_keys/
+
 
 # Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
 # More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html

Cargo.toml

@@ -20,17 +20,35 @@ path = "examples/full_demo.rs"
 name = "storage_demo"
 path = "examples/storage_demo.rs"
 
+[[example]]
+name = "key_demo"
+path = "examples/key_demo.rs"
+
+[[example]]
+name = "key_file_demo"
+path = "examples/key_file_demo.rs"
+
+[[example]]
+name = "key_pem_demo"
+path = "examples/key_pem_demo.rs"
+
+[[example]]
+name = "x25519_demo"
+path = "examples/x25519_demo.rs"
+
 [dependencies]
 capsula-pki = { path = "crates/capsula-pki" }
 capsula-core = { path = "crates/capsula-core" }
 capsula-api = { path = "crates/capsula-api" }
 capsula-key = { path = "crates/capsula-key" }
+capsula-crypto = { path = "crates/capsula-crypto" }
 
 # 通用依赖
-serde = { version = "1.0", features = ["derive"] }
-serde_json = "1.0"
-thiserror = "2.0"
-time = { version = "0.3", features = [
+serde = { workspace = true }
+serde_json = { workspace = true }
+hex = { workspace = true }
+thiserror = { workspace = true }
+time = { workspace = true, features = [
     "serde",
     "macros",
     "formatting",
@@ -57,11 +75,13 @@ repository = "https://github.com/ancient/capsula"
 
 [workspace.dependencies]
 # 内部 crates
+capsula-crypto = { path = "crates/capsula-crypto" }
 capsula-pki = { path = "crates/capsula-pki" }
 capsula-core = { path = "crates/capsula-core" }
 capsula-api = { path = "crates/capsula-api" }
 capsula-key = { path = "crates/capsula-key" }
 
+
 # 外部依赖
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
@@ -75,12 +95,14 @@ time = { version = "0.3", features = [
 hex = "0.4"
 
 # 加密相关
-ed25519-dalek = { version = "2.2", features = ["pkcs8", "pem", "rand_core"] }
-x25519-dalek = { version = "2.0.1", features = [] }
+ed25519-dalek = { version = "2.2" }
+x25519-dalek = { version = "2.0.1" }
 p256 = { version = "0.13", features = [] }
+pkcs8 = { version = "0.10", features = ["pem"] }
 getrandom = "0.3"
 sha2 = "0.10"
 signature = "2.2"
+base64 = "0.22.1"
 
 # 证书相关
 rcgen = { version = "0.14", features = ["pem"] }
@@ -90,6 +112,7 @@ pem = "3.0"
 
 # 密钥存储相关
 chacha20poly1305 = { version = "0.10", features = ["std"] }
+aes-gcm = { version = "0.10", features = ["std", "aes"] }
 
 # 开发依赖
 tempfile = "3.12"

analyze_encrypted_key.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+echo "=== Analyzing Encrypted Private Key Structure ==="
+echo
+
+# Save the encrypted key to a file
+cat > encrypted_key.pem << 'EOF'
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIGkMGAGCSqGSIb3DQEFDTBTMDIGCSqGSIb3DQEFDDAlBBBbLaF5L8ETOFeOm5kj
+sNYSAgMJJ8AwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEONA7IKGbBuFmEyH
+9jDC/iIEQOEHJgW/5fQSzIOcnbiMhlcNnmVrIqzk1Nw1O7w35uiX0lftt/AIOZj4
+4wuETg79ymhr9xQ4DnMUhjFid3VWRAU=
+-----END ENCRYPTED PRIVATE KEY-----
+EOF
+
+# Extract just the base64 content
+cat encrypted_key.pem | grep -v "BEGIN\|END" | tr -d '\n' > encrypted_key.b64
+
+echo "Base64 content length: $(wc -c < encrypted_key.b64) characters"
+echo
+
+# Decode to binary and check size
+base64 -d encrypted_key.b64 > encrypted_key.der
+echo "Binary size: $(wc -c < encrypted_key.der) bytes"
+echo
+
+# Show hex dump of first part (ASN.1 structure)
+echo "First 32 bytes (hex) showing ASN.1 structure:"
+xxd -l 32 encrypted_key.der
+echo
+
+echo "=== Comparison ==="
+echo
+echo "Plain Ed25519 key: 32 bytes → ~44 base64 chars"
+echo "Encrypted Ed25519 key: ~164 bytes → ~220 base64 chars"
+echo
+echo "The encrypted version contains:"
+echo "  1. PKCS#8 wrapper structure"
+echo "  2. Encryption algorithm identifiers (PBES2, PBKDF2, AES)"
+echo "  3. Salt for key derivation"
+echo "  4. Iteration count for PBKDF2"
+echo "  5. IV for AES encryption"
+echo "  6. The actual encrypted key data"
+
+# Clean up
+rm -f encrypted_key.pem encrypted_key.b64 encrypted_key.der

crates/capsula-crypto/Cargo.toml

@@ -7,14 +7,19 @@ license.workspace = true
 repository.workspace = true
 
 [dependencies]
-# Ed25519 signatures
-ed25519-dalek = { workspace = true }
-
-# X25519 key exchange
-x25519-dalek = { workspace = true, features = ["pkcs8"] }
-
-# P256 (NIST P-256/secp256r1) 
+thiserror = { workspace = true }
+serde_json = { workspace = true }
+base64 = { workspace = true, features = [] }
+
+ed25519-dalek = { workspace = true, features = [
+    "pkcs8",
+    "pem",
+    "rand_core",
+    "zeroize",
+] }
+x25519-dalek = { workspace = true, features = ["static_secrets", "zeroize"] }
 p256 = { workspace = true, features = ["ecdsa"] }
+pkcs8 = { workspace = true }
 
 # PEM encoding
 pem = { workspace = true }
@@ -28,5 +33,9 @@ getrandom = { workspace = true }
 # Encoding
 hex = { workspace = true }
 
+# Symmetric encryption
+chacha20poly1305 = { workspace = true }
+aes-gcm = { workspace = true }
+
 [dev-dependencies]
 tempfile = { workspace = true }

crates/capsula-crypto/src/aes.rs

@@ -0,0 +1,112 @@
+//! AES-GCM authenticated encryption
+//!
+//! Provides AEAD encryption using AES-GCM algorithm with 256-bit keys.
+
+use aes_gcm::{
+    aead::{Aead, AeadCore, KeyInit, OsRng},
+    Aes256Gcm, Key, Nonce,
+};
+
+use crate::error::{Error, Result};
+
+/// AES-256-GCM cipher wrapper
+pub struct Aes {
+    cipher: Aes256Gcm,
+}
+
+impl Aes {
+    /// Create a new AES-256-GCM cipher from a 32-byte key
+    pub fn new(key: &[u8; 32]) -> Result<Self> {
+        let cipher = Aes256Gcm::new(Key::<Aes256Gcm>::from_slice(key));
+        Ok(Self { cipher })
+    }
+
+    /// Encrypt data with AES-256-GCM
+    ///
+    /// Returns encrypted data with 12-byte nonce prepended
+    pub fn encrypt(&self, plaintext: &[u8]) -> Result<Vec<u8>> {
+        // Generate random nonce (12 bytes for AES-GCM)
+        let nonce = Aes256Gcm::generate_nonce(&mut OsRng);
+        
+        // Encrypt the plaintext
+        let ciphertext = self.cipher
+            .encrypt(&nonce, plaintext)
+            .map_err(|e| Error::Other(format!("AES-GCM encryption failed: {}", e)))?;
+        
+        // Prepend nonce to ciphertext
+        let mut result = Vec::with_capacity(nonce.len() + ciphertext.len());
+        result.extend_from_slice(&nonce);
+        result.extend_from_slice(&ciphertext);
+        
+        Ok(result)
+    }
+
+    /// Decrypt data with AES-256-GCM
+    ///
+    /// Expects encrypted data with 12-byte nonce prepended
+    pub fn decrypt(&self, encrypted_data: &[u8]) -> Result<Vec<u8>> {
+        // Check minimum length (12 bytes nonce + at least 16 bytes auth tag)
+        if encrypted_data.len() < 28 {
+            return Err(Error::Other("Encrypted data too short for AES-GCM".to_string()));
+        }
+        
+        // Extract nonce from the first 12 bytes
+        let (nonce_bytes, ciphertext) = encrypted_data.split_at(12);
+        let nonce = Nonce::from_slice(nonce_bytes);
+        
+        // Decrypt the ciphertext
+        let plaintext = self.cipher
+            .decrypt(nonce, ciphertext)
+            .map_err(|e| Error::Other(format!("AES-GCM decryption failed: {}", e)))?;
+        
+        Ok(plaintext)
+    }
+}
+
+/// Encrypt data using AES-256-GCM with a one-time key
+///
+/// # Arguments
+/// * `key` - 32-byte encryption key
+/// * `plaintext` - Data to encrypt
+///
+/// # Returns
+/// Encrypted data with 12-byte nonce prepended
+pub fn encrypt(key: &[u8; 32], plaintext: &[u8]) -> Result<Vec<u8>> {
+    let aes = Aes::new(key)?;
+    aes.encrypt(plaintext)
+}
+
+/// Decrypt data using AES-256-GCM with a one-time key
+///
+/// # Arguments
+/// * `key` - 32-byte encryption key
+/// * `encrypted_data` - Encrypted data with 12-byte nonce prepended
+///
+/// # Returns
+/// Decrypted plaintext
+pub fn decrypt(key: &[u8; 32], encrypted_data: &[u8]) -> Result<Vec<u8>> {
+    let aes = Aes::new(key)?;
+    aes.decrypt(encrypted_data)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_encrypt_decrypt() {
+        let key = [0u8; 32];
+        let plaintext = b"Hello, AES-256-GCM!";
+        
+        // Test standalone functions
+        let encrypted = encrypt(&key, plaintext).unwrap();
+        let decrypted = decrypt(&key, &encrypted).unwrap();
+        assert_eq!(decrypted, plaintext);
+        
+        // Test struct methods
+        let aes = Aes::new(&key).unwrap();
+        let encrypted = aes.encrypt(plaintext).unwrap();
+        let decrypted = aes.decrypt(&encrypted).unwrap();
+        assert_eq!(decrypted, plaintext);
+    }
+}